Can I Use Passpoint with G-Suite?

May 7, 2020 | Patrick Grubbs

Passpoint is the premier tool for ensuring your users have network access while roaming, but it can be a little difficult to deploy. Fortunately, SecureW2 has a solution that integrates into your existing infrastructure to allow you to utilize Passpoint without any major network overhauls.

Below is an overview of the process.

Requirements for Passpoint with G-Suite

A G-Suite account

A G-Suite directory for use as an Identity Provider

SAML app configured through G-Suite

An active SecureW2 Cloud Connector subscription

Passpoint-supported Access Points and Devices

Configure a G-Suite IdP

This guide assumes you’ve already been using G-Suite as your identity provider. We will connect it to the SecureW2 platform through SAML to enable Passpoint.

If you have not yet configured a user directory through G-Suite, refer to this guide. If you’d like to use it for your WPA2-Enterprise network with EAP-TLS, SecureW2 has the industry’s most secure option. Learn about it here.

“Create” an Identity Provider in SecureW2

We will pre-register an IdP in SecureW2 that will later be connected to your existing G-Suite IdP.

In the Identity Management section, click Identity Provider

Click Add Identity Provider and fill in the Name and Description sections

In the Type section, enter SAML and click Save

Create a SAML Application in Google Apps

Log in to the Google Admin Console

Click Apps and select SAML Apps

A yellow circle will appear in the bottom right corner. When you hover over it, you will see Enable SSO for a SAML Application; click on it

Click Set Up My Own Custom App

Download the IDP metadata

Navigate to the Identity Provider page in SecureW2, and click on the Configuration tab

Under Identity Provider (IDP) Info, click Choose File

Choose the downloaded metadata file, and then click Upload and then Update

Navigate back to the Google SAML App Setup

Enter the basic information for your app in step 3 of 5 (Application Name, Description) and then click Next

Step 4 requires an ACS URL and EntityId from the SecureW2 Management Portal

Navigate back to the SecureW2 Management Portal, copy the ACS URL and EntityId from the Identity Provider section, and paste them into the Service Provider Details of the Google SAML App Setup

Check the box for Signed Response in the Google Admin page, click Next and Finish

Enable Passpoint with G-Suite

Now that your G-Suite account is connected to SecureW2, you have access to the tools needed to implement Passpoint on your network.

You just need three more things:

Onboarding Client

OSU Server

Remediation Server

Onboarding Users for Passpoint

To avoid the burden of manually adding each user (or worse, asking them to self-enroll), you’ll need an onboarding client.

SecureW2 is well-known for its automatic onboarding software. Our management portal allows you to create and push a config package to MDM/AD-Domain managed devices or BYODs, which prompts the end user to begin the automatic enrollment and subsequent self-configuration for their device. It’s a quick, foolproof way to get all of your users onboarded for your network and Passpoint.

Passpoint r2 and beyond allow users to self-enroll through an OSU (Online Sign Up) server, a process very similar to our own onboarding software. It also requires you to set up a Remediation server for users that fail to enroll, usually because their device OS isn’t updated. The remediation server provides limited network access to help users troubleshoot their issue and correctly configure their device.

SecureW2 Enables Passpoint for G-Suite

Ready to deploy Passpoint on your network to enable roaming for users without a major infrastructure overhaul? SecureW2 can integrate into your existing network and fill in the gaps without any forklift upgrades.

We have affordable options for organizations of all sizes. Click here to see our pricing.
